The average U.S. company of 1,000 employees or more spends $15 million a year battling cybercrime, up 20 percent compared to last year, according to a report released today.

Attacks involving malicious code, malware, viruses, worms, trojans and botnets accounted for 40 percent of this cost, followed by 16 percent for denial of services, 14 percent for phishing and social engineering, 12 percent for web-based attacks, 10 percent for malicious insiders and 7 percent for stolen devices.

One of the reasons for the high cost of battling cybercrime is that it takes an average of 46 days to contain a successful attack after it has been detected, said Larry Ponemon, chairman and founder at Traverse City, MI-based Ponemon Institute, LLC